You can achieve this with either a dual-circuit connection (usually fairly expensive) or by updating DNS records.

I don't think PFSense has the built-in functionality to update the DNS records if one WAN is down (please feel free to correct me), so you could use a provider like DNSMadeEasy and their DNS Failover.

I think you would need to create a gateway group and use it for the IPsec interface.

[EDIT]

Apparently the DynDNS can use a gateway group too so no need for the likes of DNSMadeEasy.

@jimp:

It should work fine though for pfSense to pfSense you need both the IPsec tunnel set to a failover gateway group and a DynDNS entry set to the same failover gateway group, and then use that dyndns host as the remote peer address for the other side.

Then when WAN1 fails to WAN2, the dyndns IP changes, so the far side knows to accept the new peer, and that's where IPsec will start connecting from.

In the local network part of the phase 2, put Address and 10.10.10.210. Directly underneath that, put the NAT address to show the other side, 172.16.199.1.

For the remote network, if you need to reach all of 10/8, put that, otherwise put in the IP address they gave, 10.120.0.32

L2TP on its own is only an unencrypted tunneling protocol.

For your applications, TINC is better - But a pfsense openvpn client with a TAP interface can do it.

I really only use openvpn for "road warrior" type configurations on end clients.

I think thats what it does best.

But it is flexible and if you handle routing correctly you can get what you want from it.

Logs? Look at the gateway and gateway monitoring on both sides of the tunnel, apinger might be an issue–-

maybe, somebody have manual on connect freebsd (pfsense) to ipsec+xl2tpd (l2tp) server as client?
i have server host, username, password and pks key

Yes should be possible.
on the pfsense side it should work, I don't know the TL-R600VPN router.
I have the somewhat the same setup, only the other end is a computer.

Froussy
can you please show some screenshots of how you configured this?
I think I might be having a similar problem with my site-to-site vpn… thanks

Is this bug fixed as of 2.1.4? I have one IPSEC tunnel that always seems to go down after a while, and nothing short of fully rebooting the router gets it running again.  This is an APU2 router in our office that's running 2.1.4, tunneling into our DC which also runs pfSense.  The DC router has 5 IPsec tunnels set up on it, all configured the same way - only this one seems problematic.

skyebrenzo, did you set up appropriate phase2 entries? I.e., at site1, you'll want a phase 2 with local = road warrior IP range, remote = site2 IP range, and at site2 the other way around (local = site2 range, remote = road warrior range).

Thanks, Thor!

The tunnels have remained pretty stable for the past few days since I relaxed DPD's tolerances, so I'm keeping my fingers crossed.  However, if they start to flake out on me again, that is my next step  :)

Maybe this post can help you:
https://forum.pfsense.org/index.php?topic=69771.msg437477#msg437477